
Thread: Front page taken over by SimianS

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    5

    The front page of the club that I work at has been replaced by some message by 'SimianS'. I can't read it (Spanish?). I don't know who they are or why they took over our page. It's not a huge deal, the page is just a schedule for the New Paris Theatre (newparistheatre.com), but I'd like our web page back. What do I do?

  2. #2
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Off-hand I'd say log in and replace the pages. When I attempted to connect to newparistheatre.com and www.newparistheatere.com, I'm getting "page cannot be found". DNS Error?

    As for "SimianS", most likely a "Defacement" group. It's likely you've done something like left permissions open for anyone to upload pages.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    Contact your server admin/company and tell them what has happened.

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Tell me you have backed up your site. Please don't say that you have no other copies. If you do, just delete the current index.html and whatever other pages they changed and restore from your backups. Scan for viruses; my bet is that they may have put a backdoor in so they can come back later. Also, check to see if they put any files on your server. After you have it all restored, get all the patches and updates for your server and lock down all services that aren't necessary. BTW, your link is working.


    slick


    [edit] damn, you guys really do type fast! [/edit]
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  5. #5
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    "BTW, your link is working."
    ?? It is? You're able to get to the site?

  6. #6
    Junior Member
    Join Date
    Feb 2004
    Posts
    5
    Thanks for the quick answers. If only our ISP were this quick (first place I went). Do these defacers target particular places or just search for loose security? I haven't been the webmaster for a while (boss found cheaper guy), I'm almost tempted to let him flail for a while but I'm a nice guy. I have a backup (and a backup for the backup) of my old page, hope new guy has one (hehe, might get the job back today). It sounds like this will be pretty simple to fix. Where should I go to learn how to tighten up the security? Thanks again for the help.

  7. #7
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Depends on their goal. For the most part, IMHO, defacers just choose the easiest targets. So they look for server(s) that have vulnerabilities they can exploit.

    Some of the things you can do to tighten up security:

    - speak to your ISP and ask how up to date they are and what their procedures are for something like this (how do they deal with it). If they can't give you an answer you're comfortable with, look for another place (cheaper is not necessarily better)
    - ensure that the permissions for your directory are at the strictest while allowing viewability/useability. Often people allow everyone to have the ability to peruse directories, upload to directories and delete directories. Not a good option. If you're using *nix, permissions should be set -- for directories -- to 711. It's been a while since I've touched a Windows Web server but really, all you'd need is Execute and Read options (IIRC) for Windows.
    - Always have backups. Something will go wrong when you least expect it. Your webmaster should have backups if it's been recently altered. You can do some creative recovery with Google if you get desperate.
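
As an added example (not part of the original thread), the checks suggested in posts #4 and #7 can be scripted: list world-writable paths, compare the live site against a known-good backup, then set directories to 711. The function names, the sample tree and the 644 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a web root after a defacement (constructed sample data).

# List files and directories that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Compare the live tree with a known-good backup.
# Prints "CHANGED <path>" for files whose content differs and
# "ADDED <path>" for files that exist only on the live site.
diff_against_backup() {
    live=$1 backup=$2
    ( cd "$live" && find . -type f | sort ) | while IFS= read -r f; do
        if [ ! -f "$backup/$f" ]; then
            echo "ADDED ${f#./}"
        elif ! cmp -s "$live/$f" "$backup/$f"; then
            echo "CHANGED ${f#./}"
        fi
    done
}

# Tighten modes as suggested in the thread: 711 on directories.
# 644 on files is this example's assumption, not from the thread.
lock_down() {
    find "$1" -type d -exec chmod 711 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# --- constructed sample: a backup and a "defaced" live copy ---
umask 022
demo=$(mktemp -d)
mkdir -p "$demo/backup/images"
echo '<h1>Schedule</h1>' > "$demo/backup/index.html"
echo 'logo' > "$demo/backup/images/logo.txt"
cp -R "$demo/backup" "$demo/live"
echo '<h1>replaced</h1>' > "$demo/live/index.html"   # front page overwritten
echo 'unknown' > "$demo/live/images/extra.html"      # file left behind
chmod 777 "$demo/live/images"                        # the loose permission

echo "World-writable:";  world_writable "$demo/live"
echo "Versus backup:";   diff_against_backup "$demo/live" "$demo/backup"
lock_down "$demo/live"
echo "After lock-down:"; world_writable "$demo/live"
```

Any path reported as ADDED is a candidate for the leftover files post #4 warns about and should be inspected before the backup is restored over it.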

  8. #8
    Junior Member
    Join Date
    Feb 2004
    Posts
    5
    So it's pretty much graffiti? I don't think we've pissed anybody off, but you never know. I can get to the page if I use the homepage button but not if I type in the URL. I switched to Opera and am avoiding it now. My knowledge of security is limited to my PC and what I learned at the Gibson Research Corp. page. Their scans said my computer was invisible to the web. Can nasties be received simply by opening a page (cookie)? I've read things that hint at it, but no real answers.

  9. #9
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    "So it's pretty much graffiti?"
    Yup. Most likely it was just because the server was vulnerable. If it was against you or the company personally, you'd see a message reflecting that.

    "Can nasties be received simply by opening a page (cookie)? I've read things that hint at it, but no real answers."
    Yup. Browser hijacking is far more common than people realize. Simply going through some of the threads in the Adware/Spyware forum will show you that. In fact, one "phish" (a technique to get or "fish" out information from users) I saw today has a website that forcibly downloads a java app to the user's machine when they view java. The app, AFAIK, actually takes cookie information and sends it to a specific email address. Never assume anything is secure, even if "GRC" says it is. There is always a way in. The question is do you know it?

    You might want to visit your local library or bookstore and check out their computer security section(s). Books like Hacking Exposed, HackerProof, etc. all give an idea of what the risks are.

  10. #10
    Junior Member
    Join Date
    Feb 2004
    Posts
    5
    I think I'll grab one of those books. Can things like the forced Java routine get sensitive info like passwords, or just hijack the browser? Does Ad-Aware catch these?
